(In reply to comment #33)
[snip]
> So, what it alls boils down to is that CAcert needs to produce a policy that the
> developers find satisfactory. Let's not rush it. Those who feel a need for
> CAcert certificates should get involved with them to produce a good policy.
> AICPA's recommendations could form the basis for the policy work, but the
> objective should not be to satisfy AICPA (because it clearly means nothing), but
> to satisfy NSS developers.
I don't think people are rushing it, remember that this report was opened on
2003-08-06. Although I agree that nobody wants to force anything. NSS/PKI
developers have be convinced by CAcert that the system is secure and works
smothly. This is a matter os developers expressing their doubts and CAcert
answering them. Let's hope an agreement can be reached.
(In reply to comment #33)
[snip]
> So, what it alls boils down to is that CAcert needs to produce a policy that the
> developers find satisfactory. Let's not rush it. Those who feel a need for
> CAcert certificates should get involved with them to produce a good policy.
> AICPA's recommendations could form the basis for the policy work, but the
> objective should not be to satisfy AICPA (because it clearly means nothing), but
> to satisfy NSS developers.
I don't think people are rushing it, remember that this report was opened on
2003-08-06. Although I agree that nobody wants to force anything. NSS/PKI
developers have be convinced by CAcert that the system is secure and works
smothly. This is a matter os developers expressing their doubts and CAcert
answering them. Let's hope an agreement can be reached.
David